System and method for secure duplex browser communication over disparate networks



(57) A system and method for secure duplex browser communication over disparate networks provides duplex communication between applications such as a browser program running on a client computer system and server applications running on a server computer system. Standard web-based protocols used with the duplex communication allow use of built-in browser program features such as related to security and navigation that would otherwise be specially provided. Given the request-response nature of many of the standard web-based protocols, use of standard web-based protocols for duplex communication has not been readily attainable in the past. A duplex transport system to provide the duplex communication includes a client component running on the client computer system and a server component running on the server computer system. The browser program controls one or more browser applications configured to run on the client computer system. One or more instances of the client component and one or more instances of the server component are run to form one or more sessions each having session identifiers. Each session has one or more data pipes, which are sub-sessions. A particular data pipe has a pipe identifier and provides two independent data paths of duplex data traffic between the browser applications that are communicatively linked to the instance of the client component and the server applications communicatively linked to the instance of the server component that are both associated with the respective session of the particular data pipe. Messages of the duplex data traffic contain both session and data pipe identifiers.
the client and server computers used in the depicted embodiment of the present invention.

[0011] Figure 3 is a flowchart detailing actions involved in establishing a communication session used in the depicted embodiment.

[0012] Figures 4 - 7 are communication diagrams illustrating implementations for upstream and downstream components of data pipes used in the depicted embodiment.

DETAILED DESCRIPTION OF THE INVENTION 

[0013] A browser communication system and related method for secure, duplex browser communication over disparate networks is described. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art, however, will recognize that the invention can be practiced without one or more of these specific details, or with other equivalent elements and components, etc. In other instances, well-known components and elements are not shown, or not described in detail, to avoid obscuring aspects of the invention or for brevity.

[0014] Figure 1 and the following discussion provide a brief, general description of a suitable computing environment in which the invention can be implemented. Although not required, embodiments of the invention will be described in the general context of computer-executable instructions, such as program application modules, objects, or macros being executed by a personal computer. Those skilled in the relevant art will appreciate that the invention can be practiced with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, mini computers, mainframe computers, and the like. The invention can be practiced in distributed computing environments where tasks or modules are performed by remote processing devices, which are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.

[0015] Referring to Figure 1, a conventional personal computer referred to herein as a client computer 10 includes a processing unit 12, a system memory 14 and a system bus 16 that couples various system components including the system memory to the processing unit. The processing unit 12 may be any logic processing unit, such as one or more central processing units (CPUs), digital signal processors (DSPs), application-specific integrated circuits (ASIC), etc. Unless described otherwise, the construction and operation of the various blocks shown in Figure 1 are of conventional design. As a result, such blocks need not be described in further detail herein, as they will be understood by those skilled in the relevant art.

[0016] The system bus 16 can employ any known bus structures or architectures, including a memory bus with memory controller, a peripheral bus, and a local bus. The system memory 14 includes read-only memory ("ROM") 18 and random access memory ("RAM") 20. A basic input/output system ("BIOS") 22, which can form part of the ROM 18, contains basic routines that help transfer information between elements within the client computer 10, such as during start-up.

[0017] The client computer 10 also includes a hard disk drive 24 for reading from and writing to a hard disk 25, and an optical disk drive 26 and a magnetic disk drive 28 for reading from and writing to removable optical disks 30 and magnetic disks 32, respectively. The optical disk 30 can be a CD-ROM, while the magnetic disk 32 can be a magnetic floppy disk or diskette. The hard disk drive 24, optical disk drive 26 and magnetic disk drive 28 communicate with the processing unit 12 via the bus 16. The hard disk drive 24, optical disk drive 26 and magnetic disk drive 28 may include interfaces or controllers (not shown) coupled between such drives and the bus 16, as is known by those skilled in the relevant art. The drives 24, 26 and 28, and their associated computer-readable media, provide nonvolatile storage of computer readable instructions, data structures, program modules and other data for the client computer 10. Although the depicted client computer 10 employs hard disk 25, optical disk 30 and magnetic disk 32, those skilled in the relevant art will appreciate that other types of computer-readable media that can store data accessible by a computer may be employed, such as magnetic cassettes, flash memory cards, digital video disks ("DVD"), Bernoulli cartridges, RAMs, ROMs, smart cards, etc.

[0018] Program modules can be stored in the system memory 14, such as an operating system 34, one or more application programs 36, other programs or modules 38 and program data 40. The system memory 14 also includes a browser 41 for permitting the client computer 10 to access and exchange data with sources such as web sites of the Internet, corporate intranets, or other networks as described below, as well as other server applications on server computers such as those further discussed below. The browser 41 is markup language based, such as Hypertext Markup Language (HTML) and operates with markup languages that use syntactically delimited characters added to the data of a document to represent the structure of the document.

[0019] While shown in Figure 1 as being stored in the system memory 14, the operating system 34, application programs 36, other programs/modules 38, program data 40 and browser 41 can be stored on the hard disk 25 of the hard disk drive 24, the optical disk 30 of the optical disk drive 26 and/or the magnetic disk 32 of the magnetic disk drive 28. A user can enter commands and information into the client computer 10 through input devices such as a keyboard 42 and a pointing device such as a mouse 44. Other input devices can include a microphone, joystick, game pad, scanner, etc. These and
client computer 10, or a virtual machine. In the depicted embodiment, the DT/Browser 38a and the DT/Server 60a communicate using the HTTP. Security features utilized by the depicted embodiment include those specified by Internet and World Wide Web (WWW) standards organizations, such as SSL/TLS and IPSEC.

[0027] Other embodiments of the duplex transport system 100 utilize other request-response type protocols, other compatible security protocols and media for communication, and/or the same and/or other protocols approved by communications standards organizations including but not limited to such standards organizations as the International Telecommunications Union (ITU) including such committees as the Telecommunications, and the Telecommunications Standards Sector committee, and the Internet Architecture Board including such task forces as the Internet Engineering Task Force and the Internet Research Task Force.

[0028] All communication between the browser applications 36a and one of the server applications 60c is conducted through one of the data pipes 102. A DT Session is an association between an instance of the DT/Browser 38a and an instance of the DT/Server 60a. The server computer 60 can support one or more concurrent instances of the DT/Server 60a having associations through DT Sessions with one or more instances of the DT/Browser 38a existing on one or more of the client computers 10. Creation of the data pipes 102 is dependent upon creation of one or more DT Sessions.
[0029] The process of creating a DT Session starts with one of the server applications 60c registering a Session Listener callback function with the DT/Server 60a (step 112 of Figure 3). Based upon some initiating action on the client computer 10, one of the browser applications 36a creates an instance of the DT/Browser 38a to run on the client computer (step 114). Subsequently, the DT/Browser 38a establishes communication over the WAN/Internet 66 with a daemon running on the server computer 60 (step 116), which consequently causes creation of an instance of the DT/Server 60a to run on the server computer 60 (step 118). A Session Identifier that is unique to the particular DT Session is assigned (step 120) to be used in managing each DT Session created because DT Sessions may be multiplexed through a single network socket resource. The server application 60c that registered the Session Listener is then notified of the new instance of the DT/Server 60a (step 122).

[0030] Each DT Session provides one or more of the data pipes 102, which are independent duplex sub-sessions. Upon creation, each DT Session provides a first data pipe 102 referred to as the primary pipe. If more of the data pipes 102 are required, either one of the browser applications 36a or one of the server applications 60c submits requests with respect to the particular DT Session involved. To create more of the data pipes 102 in addition to the primary pipe for a particular DT Session, the server application 60c associated with the particular DT Session registers a Pipe Listener callback function with the DT/Server instance of the particular DT Session (step 124). When the browser application 36a of the particular DT Session creates an instance of the data pipe 102 from the associated DT/Browser instance, a corresponding instance of the data pipe 102 from the associated DT/Server instance is also created (step 126), and the associated server application 60c is notified through the Pipe Listener callback function (step 128). Alternatively, a DT/Server instance can initiate the data pipe 102 through steps 124, 126, and 128. As a result of a DT/Server instance initiating a data pipe 102, an associated DT/Browser instance is created. If more pipes are required (yes in step 130), the procedure is repeated starting with registering another Pipe Listener (step 124). Otherwise, the procedure ends if no more pipes are required. Pipes may be closed and new ones created at any time while the DT Session is active.
[0031] Each of the data pipes 102 is assigned a Pipe Identifier that is unique to its associated DT Session. The Pipe Identifier is important because every request and reply message as part of request-reply communication between associated instances of the DT/Browser 38a and the DT/Server 60a carries multiplexed pipe traffic. Each request-reply carries message parameters including the Pipe Identifier and a Pipe Sequence Number, which identifies order sequence of messages within a particular one of the data pipes 102. The Pipe Sequence Number is used for matching requests and replies for overlapped requests (discussed further below).
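The session and pipe bookkeeping of paragraphs [0029] to [0031], as an added Python example that is not part of the patent text: messages are routed on the pair (Session Identifier, Pipe Identifier) because a Pipe Identifier is unique only within its DT Session, and payloads are released in Pipe Sequence Number order. The class and method names, the primary pipe's identifier 0, numbering from 1, the randomly generated session identifier, and the status strings returned for duplicate or unroutable messages are assumptions of this example.

```python
import secrets


class Pipe:
    """One data pipe; releases payloads in Pipe Sequence Number order."""

    def __init__(self, pipe_id):
        self.pipe_id = pipe_id
        self.next_seq = 1      # assumption: numbering starts at 1
        self.held = {}         # out-of-order payloads keyed by sequence number
        self.delivered = []    # payloads handed to the server application

    def accept(self, seq, payload):
        if seq < self.next_seq or seq in self.held:
            return "duplicate"             # replayed or retransmitted message
        self.held[seq] = payload
        while self.next_seq in self.held:  # release any in-order run
            self.delivered.append(self.held.pop(self.next_seq))
            self.next_seq += 1
        return "accepted"


class Session:
    """A DT Session: created with a primary pipe, more added on request."""

    PRIMARY = 0  # assumption: the primary pipe gets identifier 0

    def __init__(self, session_id):
        self.session_id = session_id
        self.pipes = {self.PRIMARY: Pipe(self.PRIMARY)}
        self.pipe_listener = None
        self._next_pipe_id = 1

    def register_pipe_listener(self, callback):      # step 124
        self.pipe_listener = callback

    def create_pipe(self):                           # steps 126 and 128
        if self.pipe_listener is None:
            raise RuntimeError("no Pipe Listener registered")
        pipe = Pipe(self._next_pipe_id)
        self._next_pipe_id += 1
        self.pipes[pipe.pipe_id] = pipe
        self.pipe_listener(self, pipe)
        return pipe

    def close_pipe(self, pipe_id):
        self.pipes.pop(pipe_id, None)


class DTServer:
    """Hypothetical stand-in for the server side that owns all DT Sessions."""

    def __init__(self):
        self.session_listener = None
        self.sessions = {}

    def register_session_listener(self, callback):   # step 112
        self.session_listener = callback

    def open_session(self):                          # steps 118 to 122
        if self.session_listener is None:
            raise RuntimeError("no Session Listener registered")
        session = Session(secrets.token_urlsafe(16))  # assumption: random ID
        self.sessions[session.session_id] = session
        self.session_listener(session)
        return session

    def route(self, session_id, pipe_id, seq, payload):
        session = self.sessions.get(session_id)
        if session is None:
            return "unknown-session"
        pipe = session.pipes.get(pipe_id)
        if pipe is None:
            return "unknown-pipe"
        return pipe.accept(seq, payload)


def demo():
    server, seen = DTServer(), []
    server.register_session_listener(lambda s: seen.append("session"))
    a, b = server.open_session(), server.open_session()
    a.register_pipe_listener(lambda s, p: seen.append(("pipe", p.pipe_id)))
    extra = a.create_pipe()
    results = [
        server.route(a.session_id, 0, 2, b"world"),   # arrives early, held
        server.route(a.session_id, 0, 1, b"hello"),   # releases 1, then 2
        server.route(a.session_id, 0, 1, b"hello"),   # replay of message 1
        server.route(b.session_id, 1, 1, b"x"),       # pipe 1 exists only in a
        server.route("not-a-session", 0, 1, b"x"),    # constructed bad ID
        server.route(a.session_id, extra.pipe_id, 1, b"side"),
    ]
    return results, a.pipes[0].delivered, b.pipes[0].delivered, seen
```
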

[0032] The duplex transport system 100 includes three browser functions to be used with the data pipes 102 associated with the instance of the DT/Browser 38a and three server functions to be used with the data pipes 102 associated with the instance of the DT/Server 60a. The three browser functions include Browser Write, Browser Read (synchronous), and Browser Receive (asynchronous). In alternative embodiments having client applications involving duplex communication with other server applications, similar write, read, and receive functions would be utilized by the client applications. Under Browser Write, one of the browser applications 36a presents its data buffer and length. Control returns to the browser application 36a either after data has been placed in an outgoing buffer of the data pipe 102 of the associated instance of the DT/Browser 38a, after the data has been sent to the data pipe 102 of the associated instance of the DT/Server 60a, or after a reply has been received from the data pipe 102 of the associated instance of the DT/Server 60a.

[0033] Under Browser Read (synchronous), one of the browser applications 36a presents its data buffer for reading and its buffer maximum length. Data is placed in the data buffer of the browser application 36a and control returned to the browser application either when data is received from the data pipe 102 of the associated instance of the DT/Server 60a or when data exists in the
associated instance of the DT/Browser 38a receives the initial HTTP Post Reply (communication 148) causing overlapping. Pipe Sequence Numbers are used for tracking the HTTP requests and replies and are particularly helpful with the overlapping of the upstream overlapped implementation.

[0041] For server-to-client single direction data flow, the downstream components of the data pipes 102 of the DT/Browser 38a and the DT/Server 60a have a downstream basic implementation and a downstream read-ahead implementation. The downstream basic implementation starts when one of the browser applications 38a that is associated with a particular DT Session prepares to receive data from one of the server applications 60c that is associated with the same particular DT Session by invoking the Browser Read function and presenting the data buffer of the browser application to the downstream component of the data pipe 102 of the instance of the DT/Browser 38a associated with the particular DT Session (communication 160 of Figure 6).

[0042] Next the associated instance of the DT/Browser 38a sends an HTTP Get Request to the instance of the DT/Server 60a associated with the particular DT Session (communication 162). If no data is available at the instance of the DT/Server 60a associated with the particular DT Session from the associated server application 60c when the associated instance of the DT/Server 60a receives the HTTP Get Request, a timer is started with a Get Timeout value. If the timer expires before any data is available, an HTTP Get Reply with no data is sent back to the associated instance of the DT/Browser 38a causing the associated instance of the DT/Browser to re-send the HTTP Get Request. This refresh cycle is intended to keep the browser from timing out and closing the connection prematurely.

[0043] In the case illustrated in Figure 6, the associated server application 60c sends data to the data pipe 102 of the associated instance of the DT/Server 60a with a Server Write (communication 164) before timer expiration. The associated instance of the DT/Server 60a then sends a HTTP Get Reply with the data to the associated instance of the DT/Browser 38a (communication 166) and returns control to the associated server application 60c with a Server Write Return (communication 168). The data pipe 102 of the associated instance of the DT/Browser 38a then returns control to the associated browser application 36a along with the data with a Browser Read Return (communication 170).

[0044] The downstream read-ahead implementation (Figure 7) differs from the downstream basic implementation (Figure 6) in that the downstream basic implementation relies on the Browser Read function to cause an HTTP Get Request, whereas the downstream read-ahead implementation issues an HTTP Get request independently of any Browser Reads. As a consequence of this difference between the downstream basic and downstream read-ahead implementations, the order of communication for the downstream basic implementation is 160, 162, 164, 166, 168, and 170 as shown in Figure 6, whereas the order of communication for the downstream read-ahead implementation is 162, 164, 166, 168, 160, and 172 as shown in Figure 7. With the downstream read-ahead implementation (Figure 7), data is sent from the associated server application 60c through the data pipe 102 of the associated instance of the DT/Server 60a on to the data pipe 102 of the associated instance of the DT/Browser 38a (particularly communications 162, 164, and 166) before the associated browser application 36a prepares to receive data by invoking the Browser Read (communication 160).
[0045] For the downstream read-ahead implementation (Figure 7), after the Browser Read (communication 160) occurs, the data pipe 102 of the associated instance of the DT/Browser 38a sends a Browser Read Return (synchronous) along with the data to the associated browser application 36a (communication 172). The downstream read-ahead implementation has an option for the associated instance of the DT/Browser 38a of using a Browser Receive (asynchronous) to send data to the associated browser application 36a instead of a Browser Read Return for communication 172. If the Browser Receive is used, then the Browser Read in communication 160 is unnecessary. The downstream basic implementation does not have the Browser Receive (asynchronous) option. When using the Browser Read (synchronous) option, if a Browser Read (communication 160) is not outstanding when data arrives at the associated instance of the DT/Browser 38a, the data is buffered. A buffer full condition will block subsequent HTTP Get Requests from the associated instance of DT/Browser 38a until, for example, a Browser Read (communication 160) is received by the associated instance of the DT/Browser 38a.

[0046] Another version of the downstream read-ahead implementation includes an overlapped feature whereby the associated instance of the DT/Browser 38a may send additional HTTP Get Requests to the instance of the DT/Server 60a associated with the particular DT Session in one or more additional communications 162. The instance of the DT/Server 60a associated with the particular DT session queues each HTTP Get request until data is available from additional Server Write data calls (additional communications 164). This causes an overlapping of the communication wherein pipe sequence numbers are used to track the overlapping.
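The downstream exchange of paragraphs [0042] to [0046], as an added Python example that is not part of the patent text: it models both ends of one data pipe with a logical clock instead of real HTTP, covering the Get Timeout refresh cycle, overlapped Get Requests queued at the server, and the buffer-full condition that blocks further requests. The class names, message fields, numbering from 1, and the choice to drop a reply whose sequence number is not outstanding are assumptions of this example.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Msg:
    kind: str          # "GET" or "GET_REPLY"
    session_id: str    # Session Identifier
    pipe_id: int       # Pipe Identifier
    seq: int           # Pipe Sequence Number
    data: bytes = b""  # an empty GET_REPLY means the Get Timeout expired


class ServerPipe:
    """Downstream component of one data pipe on the DT/Server side."""

    def __init__(self, session_id, pipe_id, get_timeout):
        self.key = (session_id, pipe_id)
        self.get_timeout = get_timeout
        self.waiting = deque()  # (seq, deadline) of queued GETs, oldest first
        self.unsent = deque()   # Server Write data with no GET to carry it

    def _reply(self, seq, data=b""):
        return Msg("GET_REPLY", self.key[0], self.key[1], seq, data)

    def on_get(self, msg, now):
        if (msg.session_id, msg.pipe_id) != self.key:
            return []           # traffic for another session or pipe
        if self.unsent:
            return [self._reply(msg.seq, self.unsent.popleft())]
        self.waiting.append((msg.seq, now + self.get_timeout))
        return []

    def server_write(self, data):
        if self.waiting:        # answer the oldest queued GET
            seq, _ = self.waiting.popleft()
            return [self._reply(seq, data)]
        self.unsent.append(data)
        return []

    def tick(self, now):
        """Send empty replies for GETs whose Get Timeout has expired."""
        expired = []
        while self.waiting and self.waiting[0][1] <= now:
            expired.append(self._reply(self.waiting.popleft()[0]))
        return expired


class BrowserPipe:
    """Read-ahead downstream component on the DT/Browser side."""

    def __init__(self, session_id, pipe_id, buffer_limit):
        self.key = (session_id, pipe_id)
        self.buffer_limit = buffer_limit
        self.buffer = deque()
        self.outstanding = set()
        self.next_seq = 1       # assumption: numbering starts at 1

    def issue_get(self):
        if len(self.buffer) >= self.buffer_limit:
            return None         # buffer full blocks further GETs
        seq, self.next_seq = self.next_seq, self.next_seq + 1
        self.outstanding.add(seq)
        return Msg("GET", self.key[0], self.key[1], seq)

    def on_reply(self, msg):
        """Return the refresh GET to send, if any."""
        if (msg.session_id, msg.pipe_id) != self.key or msg.seq not in self.outstanding:
            return None         # unsolicited or repeated reply: drop it
        self.outstanding.discard(msg.seq)
        if msg.data:
            self.buffer.append(msg.data)
            return None
        return self.issue_get()  # empty reply: re-send the GET

    def browser_read(self):
        return self.buffer.popleft() if self.buffer else None


def run_demo():
    sid = "S-constructed"       # constructed sample identifier
    server = ServerPipe(sid, 1, get_timeout=30)
    browser = BrowserPipe(sid, 1, buffer_limit=2)
    trace = []
    server.on_get(browser.issue_get(), now=0)    # seq 1
    server.on_get(browser.issue_get(), now=5)    # seq 2, overlapped
    for reply in server.server_write(b"hello"):  # carried by seq 1
        trace.append((reply.seq, reply.data))
        browser.on_reply(reply)
    for reply in server.tick(now=35):            # seq 2 timed out at 5 + 30
        trace.append((reply.seq, reply.data))
        server.on_get(browser.on_reply(reply), now=35)  # refresh as seq 3
    browser.on_reply(Msg("GET_REPLY", sid, 1, 1, b"replayed"))  # dropped
    return trace, list(browser.buffer), sorted(browser.outstanding)
```
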
[0047] From the foregoing it will be appreciated that, although specific embodiments of the invention have been described herein for purposes of illustration, various modifications may be made without deviating from the spirit and scope of the invention. Accordingly, the invention is not limited except as by the appended claims.
8. A duplex transport system for use with a client computer system having a client application controlling a utility application, the client computer system communicatively linked to a network system and a server computer system having a server application, the server computer system communicatively linked to the network system, the duplex transport system comprising:

a client component configured to run as an instance on the client computer system, the instance of the client component being communicatively linked to one of the utility applications;

a server component configured to run as an instance on the server computer system, the instance of the server component being communicatively linked to one of the server applications; and

the client component and the server component configured such that the instance of the client component is associated with the instance of the server component in an association to form a session, the session having a session identifier and a sub-session designated as a data pipe, the data pipe having a pipe identifier and configured to provide two independent data paths of duplex data traffic between the utility application communicatively linked to the instance of the client component and the server application communicatively linked to the instance of the server component.

9. The duplex transport system of claim 8 wherein the client computer and the server component are further configured such that the duplex data traffic of the data pipe of the session formed from the association between the instance of the client component and the instance of the server component utilizes Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol Secure (HTTPS), Internet Protocol Secure (IPSEC), Secure Sockets Layer/Transport Layer Security (SSL/TLS), other request-response protocols, and/or the same and/or other protocols approved by communication standards organizations including but not limited to such standards organizations as the International Telecommunications Union (ITU) including such committees as the Telecommunications, and the Telecommunications Standards Sector committee, and the Internet Architecture Board including such task forces as the Internet Engineering Task Force and the Internet Research Task Force.

10. The duplex transport system of claim 8 wherein the client computer and the server component are further configured such that the data pipe of the session formed from the association between the instance of the client component and the instance of the server component provides the data paths of duplex data traffic comprising messages that each contain the pipe identifier.

11. The duplex transport system of claim 8 wherein the client computer and the server component are further configured such that the data pipe of the session formed from the association between the instance of the client component and the instance of the server component data pipe is configured to provide data paths of duplex data traffic comprising messages that each contain the pipe identifier identifying the data pipe and a pipe sequence number, the pipe sequence number identifying an order of the messages in the duplex data traffic associated with the data pipe.

12. The duplex transport system of claim 8 wherein the client computer and the server component are further configured such that the session formed from the association between the instance of the client component and the instance of the server component further comprises a second data pipe being a second sub-session of the session, the second data pipe having a pipe identifier, configured to provide two additional independent data paths of a second duplex data traffic between the utility application and the server application, and being a secondary data pipe.

13. The duplex transport system of claim 8 wherein the client component is configured to run with a browser program.

14. The duplex transport system of claim 8 wherein the client component and the server component are further configured to run as second instances where the second instances of the client component and server component are associated in an association to form a second session having a session identifier.

15. A client computer system for use with a duplex transport system and a server computer system having a server application, the client computer system and the server computer system having a server component communicatively linked to a network system, the client computer system comprising:

a client computer;

a browser program configured to run on the client computer, the browser program having built-in features associated with communication protocols used by the duplex transport system;

one or more browser applications configured to run on the client computer under control of the browser program;
Task Force and the Internet Research Task Force

22. The server computer system of claim 20 wherein the server component is further configured to be associated with the client component in an association to form a session that has more than one data pipes having duplex data traffic where each message of the duplex data traffic is assigned the pipe identifier corresponding to the data pipe used by each message.

23. The server computer system of claim 20 wherein the server component is further configured to be associated with the client component in an association to form a session that has one or more data pipes that utilize the communication protocols associated with the built-in features of the browser program for the duplex data traffic.

24. The server computer system of claim 20 wherein the built-in features of the browser program involve one or more of the following: uniform resource locators (URLs), firewall/proxy navigation under Hypertext Transfer Protocol (HTTP), proxy configuration of the browser program, HTTP authentication, Transmission Control Protocol/Internet Protocol (TCP/IP), Secure Sockets Layer/Transport Layer Security (SSL/TLS), HTTP Secure (HTTPS), Internet Protocol Secure (IPSEC), and access to client certificates for use with security protocols.

25. A method for establishing duplex communication between a browser application running under control of a browser program on a client computer system and a server application running on a server computer system over a network, the method comprising:

registering a session listener callback function for the server application with a server component running on the server computer system;

initiating through the browser application creation of an instance of a client component to run on the client computer system;

establishing through the instance of the client component communication over the network with the server computer system;

based upon establishing communication between the client component and the server computer system, creating an instance of a server component to run on the server computer system;

notifying the server application through the session listener callback function of the establishment of the instance of the server component;

establishing an association between the instance of the client component and the instance of the server component as a session and assigning a session identifier to the session;

designating a sub-session of the session as a data pipe of duplex data traffic between the browser application and the server application; and

assigning a pipe identifier to the data pipe to be used by messages being sent through the data pipe.

26. The method of claim 25, further comprising:

registering a pipe listener callback function with the instance of the server component;

creating an instance of a second data pipe through the browser application from the instance of the client component and the instance of the server component; and

notifying the server application through the pipe listener callback function of creation of the second data pipe.

27. A method of transmitting data from a client computer system to a server computer system, the method comprising:

invoking a Read function through a server application on the server computer system, the server application associated with a session between an instance of a client component running on the client computer system and an instance of a server component running on the server computer system;

presenting a data buffer of the server application to an upstream component of a data pipe associated with the instance of the server component;

writing data from a browser application on the client computer system to an upstream component of a data pipe associated with the instance of the client component;

sending an Hypertext Transfer Protocol (HTTP) Post along with data to the instance of the server component; and

sending from the instance of the server component either a Server Read Return or a Server Receive callback along with the data to the server application.

28. The method of claim 27, further comprising:

sending an HTTP Post Reply to the instance of the client component; and

sending a Browser Write Return to the browser application.

29. A method of transmitting data from a server computer system to a client computer system, the method comprising: